CVE-2011-5009

3S CoDeSys 3.4 SP4 Patch 2 - Denial of Service via Crafted HTTP Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-5009. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit leverages a denial-of-service vulnerability in CoDeSys by sending a malformed HTTP POST request with an excessively large Content-Length value (4294967295) to crash the application. The attack is executed via a UDP-based tool (udpsz) targeting port 8080.

Description

The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/36377

This exploit leverages a denial-of-service vulnerability in CoDeSys by sending a malformed HTTP POST request with an excessively large Content-Length value (4294967295) to crash the application. The attack is executed via a UDP-based tool (udpsz) targeting port 8080.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CoDeSys (version not specified)
No auth needed
Prerequisites: Network access to the target system · CoDeSys service running on port 8080
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/36378

This exploit leverages a denial-of-service vulnerability in CoDeSys by sending a malformed HTTP request via UDP to port 8080, causing the application to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CoDeSys (version not specified)
No auth needed
Prerequisites: Network access to the target system · CoDeSys service exposed on port 8080
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2011/Nov/178
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47018
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/codesys_1-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/77388
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71533
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/77389

Scores

EPSS 0.1077
EPSS Percentile 95.3%

Details

Status published
Products (1)
3ssoftware/codesys 3.4 sp4
Published Dec 25, 2011
Tracked Since Feb 18, 2026